KPI for last update to CVEs
When a new CVE comes in that we are going to measure, we want to see it reported to our customers as soon as possible.
By measuring the time from CVE report to us having it in our product and setting a target for this KPI we can present customers with a good customer experience.
Steps to develop this KPI (up for discussion):
- Establish how we will measure (CVE date to Merge?)
- For past 3-6 months establish baseline numbers and historical performance
- Establish an automated method to capture this data and report in periscope
- Based on previous two parts, establish a target KPI and shift resources if we are not within the KPI performance boundaries.
The current suggested KPI metrics is less than 7 days.